Mercurial > kallithea
changeset 1618:9353189b7675 beta
Added automatic logout of deactivated/deleted users
author | Liad Shani <liadff@gmail.com> |
---|---|
date | Thu, 27 Oct 2011 20:40:49 +0200 |
parents | cf128ced8c85 |
children | 6ece8795104a |
files | rhodecode/lib/auth.py rhodecode/lib/base.py rhodecode/model/user.py |
diffstat | 3 files changed, 11 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/rhodecode/lib/auth.py Wed Oct 26 21:59:22 2011 +0200 +++ b/rhodecode/lib/auth.py Thu Oct 27 20:40:49 2011 +0200 @@ -271,13 +271,11 @@ if self._api_key and self._api_key != self.anonymous_user.api_key: #try go get user by api key log.debug('Auth User lookup by API KEY %s', self._api_key) - user_model.fill_data(self, api_key=self._api_key) - is_user_loaded = True + is_user_loaded = user_model.fill_data(self, api_key=self._api_key) elif self.user_id is not None \ and self.user_id != self.anonymous_user.user_id: log.debug('Auth User lookup by USER ID %s', self.user_id) - user_model.fill_data(self, user_id=self.user_id) - is_user_loaded = True + is_user_loaded = user_model.fill_data(self, user_id=self.user_id) elif self.username: log.debug('Auth User lookup by USER NAME %s', self.username) dbuser = User.get_by_username(self.username) @@ -296,6 +294,8 @@ #then we set this user is logged in self.is_authenticated = True else: + self.user_id = None + self.username = None self.is_authenticated = False if not self.username:
--- a/rhodecode/lib/base.py Wed Oct 26 21:59:22 2011 +0200 +++ b/rhodecode/lib/base.py Thu Oct 27 20:40:49 2011 +0200 @@ -50,7 +50,8 @@ username = None self.rhodecode_user = c.rhodecode_user = AuthUser(user_id, api_key, username) - if not self.rhodecode_user.is_authenticated: + if not self.rhodecode_user.is_authenticated and \ + self.rhodecode_user.user_id is not None: self.rhodecode_user.set_authenticated( getattr(session.get('rhodecode_user'), 'is_authenticated', False))
--- a/rhodecode/model/user.py Wed Oct 26 21:59:22 2011 +0200 +++ b/rhodecode/model/user.py Thu Oct 27 20:40:49 2011 +0200 @@ -243,16 +243,19 @@ else: dbuser = self.get(user_id) - if dbuser is not None: + if dbuser is not None and dbuser.active: log.debug('filling %s data', dbuser) for k, v in dbuser.get_dict().items(): setattr(auth_user, k, v) + else: + return False except: log.error(traceback.format_exc()) auth_user.is_authenticated = False + return False - return auth_user + return True def fill_perms(self, user): """